Pages

Sunday, January 28, 2007

LDAP Authentication with Apache Derby (Java DB)

It has come to my attention that there is not a really good tutorial on how to use Apache Derby and LDAP without combining a lot of different sources. Hopefully this will simplify the work for everyone wanting to use LDAP authentication with Apache Derby.

Assumptions:


Procedures:

Global:

If you want to have the configuration set on a global level add the following to a file called derby.properties in the installation directory. You will need to modify it to match your environment.

derby.connection.requireAuthentication=true
derby.authentication.provider=LDAP
derby.authentication.server=ldap://localhost:389
derby.authentication.ldap.searchBase=ou=people,dc=bluelotusholdings,dc=com
derby.database.defaultAccessMode=fullAccess

Database:

You can set the database properties on a database basis. This is accomplished by setting the parameters (database properties) in the database using SQL. The script is located below. This must be modified to accommodate your environment. Place the jndi and ldap files in the directory containing the database (see below). The database in my example is called ldaptest.




/* Apache Derby 10.x */


/*
* This file is used to set the database-wide LDAP configuration. Rebooting the service is
* required for the changes to take effect.
*/

/* Set the authentication provider to LDAP */


CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.authentication.provider',
'LDAP')

/* Set the LDAP server */

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.authentication.server',
'banyan:389')

/* Set the BaseDN to search */

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.authentication.ldap.searchBase',
'ou=people,dc=bluelotusholdings,dc=com')

/* Create a cached entry for a user */

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.user.jyeary',
'uid=jyeary,ou=people,dc=bluelotusholdings,dc=com')
Once you have executed the script above, you will need to restart the database. I used my Aqua Studio application to connect to the database.


All Done!

Notes:

  • If LDAP is not available you can not connect to the database.

2 comments:

  1. CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.server',
    'banyan:389')

    -----> why it is not 'localhost:389' here? The LDAP server is located on the localhost, isn't it.

    ReplyDelete
  2. In this case, the server is called banyan and it is accessible from the network. If you used localhost, then the application would only be available from the single machine and not the network.

    ReplyDelete